Getting Data In

Discussions

Thread Info

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

As weird of a situation as I think this is, I do believe that is what is going on... I had this stanza in inputs.c...

by Communicator in

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

A Windows 2008R2 Domain Controller in another geographical, and the Security Events are perpetually multiple days beh...

by Splunk Employee in

Why am I seeing a mismatch between Key-Value and Count after ingesting JSON data?

I have ingested JSON data & Splunk has extracted important fields automatically, but I see some mismatch between Key-...

by Builder in

Heavy forwarder as cluster master

Hello splunkers! It is possible to configure heavy forwarder as cluster master? My heavy forvarder forward all da...

by Communicator in

How to configure SSL certificates to securely forward logs from multiple universal forwarders to our indexer server?

Hi, We have a requirement to forward logs from clients (Splunk universal Forwarders) to a server using SSL (tls1.2...

by Influencer in

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

Hello, I am trying to import data from a MySQL database. While the import works fine, the time field gets popul...

by Path Finder in

Why isn't the universal forwarder processing all the monitor stanzas in inputs.conf for multiple folders on a Kiwi syslog server?

Newbie question - I have an inputs.conf which is configured to monitor multiple folders on a Kiwi syslog server. Ever...

by Path Finder in

Why are our Cisco Syslog hosts showing up as time zone instead of IP and how do I fix this?

I have recently started sending logs for my Cisco devices to Splunk. Most of my logs show the IP address of the devic...

by New Member in

Why am I getting error "TcpOutputProc - the 'defaultGroup' property contains an invalid group name - heavy_forwarder"?

My end server is not visible in search and i see the below errors in the log. TcpOutputProc - the 'defaultGroup' p...

by New Member in

[AIX] Universal Forwarder requires read access on `/etc/inittab` or else daemon won't start

When installing the Splunk 6.1.1 Universal Forwarder on AIX7.1, splunkd seems to require read access on /etc/inittab ...

by Engager in

on Splunk 5.0

How to add date time range to the dashboard on the Splunk 5.0

by New Member in

Can i use rest API to see the latest result of a saved search?

In the web Interface of Splunk - Saved Searches. One can view the latest result of a saved search. This wil give the ...

by Path Finder in

Why am I losing the timestamp for events after creating a summary index of results with the collect command?

I'm using the collect command to copy a set of frequently queried events to a summary index. When I search for the fo...

by Path Finder in

How to upload and index a text file containing more than 1500 lines without any line breaks?

Hi I would like to upload a text file containing more than 1500 lines without any line breaks. How do I do this in...

by Path Finder in

Why is my transforms.conf configuration with multiple transforms not assigning different sourcetypes correctly?

I have a data source where I'm applying multiple transforms (because there are multiple possible formats for the log ...

by Builder in

Loadbalancer or intermediate forwarder?

Hi I have many of universal forwarders that send (autoLB) events to multiple indexers in distributed search mode. ...

by Motivator in

Events have wrong timestamp. How to correct time configuration?

Hi all! Sorry, if this question was already asked by someone, but i'm stuck with a time configuration. So, i just ins...

by New Member in

Since our IIS log format changed, how do I tell Splunk to reindex IIS logs with a new format?

On a few of our IIS servers, some one checked off a few extra fields to be logged, which is not bad to have more info...

by Explorer in

Is there a way to get the current retention and archiving policies that are defined for backups?

Hello Experts, Is there a way to get the current policies that are defined for backups? How often/when does the i...

by Communicator in

How do you reload a file?

The permissions were incorrect for files being monitored. The files appeared to be indexed but they are not in Splunk...

by Path Finder in

Need to eliminate over 90% of forwarded events before reaching indexer. What is the CPU load on a UF?

I have an indexer license being overwhelmed by useless Windows UF event forwarding (across 40+ UFs). I have determine...

by Path Finder in

Integration interface

Hi everyone! Anybody know how to automatically save the results of a search job to flat files? The search job is sche...

by New Member in

Unable to monitor and index a log file

Splunk is unable to monitor a local file - and a search query is not returning any values - No events is indexed, How...

by Builder in

Where should I "Upload" a CSV file in a distributed search and indexer clustering environment?

I've been wondering this for a while, but haven't found a worthwhile answer in the documentation. I have clustered in...

by Communicator in

Configuring forwarding from splunk to an external syslog server

Hello, What is the recommended method of forwarding all splunk inputs to an external syslog server listening on UD...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

Why am I seeing a mismatch between Key-Value and Count after ingesting JSON data?

Heavy forwarder as cluster master

How to configure SSL certificates to securely forward logs from multiple universal forwarders to our indexer server?

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

Why isn't the universal forwarder processing all the monitor stanzas in inputs.conf for multiple folders on a Kiwi syslog server?

Why are our Cisco Syslog hosts showing up as time zone instead of IP and how do I fix this?

Why am I getting error "TcpOutputProc - the 'defaultGroup' property contains an invalid group name - heavy_forwarder"?

[AIX] Universal Forwarder requires read access on `/etc/inittab` or else daemon won't start

on Splunk 5.0

Can i use rest API to see the latest result of a saved search?

Why am I losing the timestamp for events after creating a summary index of results with the collect command?

How to upload and index a text file containing more than 1500 lines without any line breaks?

Why is my transforms.conf configuration with multiple transforms not assigning different sourcetypes correctly?

Loadbalancer or intermediate forwarder?

Events have wrong timestamp. How to correct time configuration?

Since our IIS log format changed, how do I tell Splunk to reindex IIS logs with a new format?

Is there a way to get the current retention and archiving policies that are defined for backups?

How do you reload a file?

Need to eliminate over 90% of forwarded events before reaching indexer. What is the CPU load on a UF?

Integration interface

Unable to monitor and index a log file

Where should I "Upload" a CSV file in a distributed search and indexer clustering environment?

Configuring forwarding from splunk to an external syslog server

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Edge Processor Destination not showing up in Pipel...

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...